A Blog about Programming, Security, Business, Web, Earn money

Showing posts with label security. Show all posts

Security: the FBI supports a fitness app rather greedy in personal data

The FBI is currently promoting a whole new fitness app.  Called FBIFitTest app, it tracks the physical training of agents of the federal agency.  Problem, according to some experts, the app collects far too much personal data.  The number of permissions requested is also far too high.

Surprisingly, the Federal Bureau of Investigation, the famous FBI, is currently promoting its own fitness app.  Called FBIFit Test, it invites users to discover and try out the physical training programs followed by the Bureau's agents.

Very quickly, however, several associations defending citizens' rights wanted to alert users to certain points.  The Fight For The Future association, for example, claims that the FBI application requires far too many access rights for a simple fitness app.  On Android, it can collect GPS data, access Bluetooth and Wi-Fi networks as well as data from the SD card in read and write mode, or even prevent the smartphone from going to sleep.  All of these permissions are listed on the Google Play Store.

Fifteen Android apps infected with a dangerous virus


The British security company Sophos has just released a new report in which it lists fifteen or so potentially dangerous Android apps for smartphones. Despite Google's selection and security procedures for its Play Store, the apps pointed to by the Sophos report were on Google's app store.

These applications are actually infected with malware that displays ads on the smartphones on which they are installed. Unfortunately, it is quite complicated to uninstall them. Indeed, the icon of some apps disappears once the download is complete, which makes it difficult to find and remove them.

In other cases, the infected applications copy the icon of other legitimate applications which makes the distinction difficult. For example, a fraudulent application copied the icon and name of the Google Play Store or pretended to be an "update" app, displaying the Android symbol.

According to the security company, nearly 1.3 million smartphones have downloaded at least one of these applications and would be infected by the virus. After making this discovery, Sophos warned Google about the problem last July. The Mountain View firm assured that it has since resolved the problem.

The applications singled out are:
  • Flash On Calls & Messages
  • Rent QR Code
  • Image Magic
  • Generate Elves-
  • SavExpense
  • QR Artifact
  • Find Your Phone
  • Scavenger – speed
  • Auto Cut Out Pro
  • Background Cut Out
  • Photo Background
  • ImageProcessing
  • Background Cut Out
  • Auto Cut Out
  • Auto Cut Out 2019
What to do if one is infected?

If you downloaded any of these apps, it may still be on your phone. You've certainly faced a lot of advertising on your smartphone since this summer. Remember to take a look at the applications installed on your phone in the dedicated settings section - not just on the desktop.

Check that each one is legitimate. If this is not the case, you can always try to delete them from this list. If you do not succeed, unfortunately you will have no choice but to go through a factory reset.

As the security company Sophos so aptly points out in its report, it is often a good idea to look at the comments of applications before downloading. A must, especially when you do not know the application or its developer. This could prevent you from finding yourself in a delicate situation.

Private VPN test: the protection of personal data first and foremost

While it does not stand out for its speed or its price, PrivateVPN Trunkspace promises strong privacy protection.
The name PrivateVPN is not unknown, but the latest service from Trunkspace Hosting should not be confused with the Swedish site PrivateVPN.com. The Trunkspace service makes it easy to connect to servers in 48 countries.

Features and services

The Windows Trunkspace VPN offers a single panel interface listing all supported national connections. The VPN usually offers at least two possible choices per country. To connect to a specific server, simply select it and click the Connect / Disconnect button to the right of the country name.
A bar at the top of the window is colored red to indicate that there is no connection in progress; it turns yellow when the VPN establishes a connection and green when the connection is active. In the "Settings", which are accessed by the menu icon located in the upper left corner, there are additional options. The Stealth VPN check box is used to hide traffic to bypass network firewalls that block VPN connections.

In "Advanced Setup" on the "Settings" page, there is an option to disable the Internet at logoff, cutting off any Internet access when the VPN connection is interrupted. Finally, in "Routing", it is possible to specify that only certain domains can pass through the VPN. This option is useful if you only want to protect the connection to an enterprise mailbox, for example, while maintaining occasional browsing outside the VPN. The routing function is not particularly difficult to use, but it is rather reserved for experienced users.
Strangely, Trunkspace chose not to add the app icon to the taskbar. To make it appear, you must open the system tray, then click on the icon to display the application in the foreground. When our colleagues asked Trunkspace CEO Atif Khan why he chose this approach, he replied that many Trunkspace customers preferred not to have a VPN icon in the taskbar. "From our experience and from what we've seen, the VPN is typically like 'set and forget'. Many of our early customers have complained about finding the icon in the taskbar, because it's not an application like Microsoft Word, an email client, or a web browser that you need to interact with permanently."

Performance

Trunkspace's performance was good in some cases, but overall not as good as other services. According to tests of our colleagues at PCWorld, PrivateVPN's speed averaged 19.26%. This is not high considering that the performance of the best services tested reaches 50% and the average performance of all VPNs tested is about 30%. But that does not mean that Trunkspace speeds are not fast. As the testers state, most PrivateVPN scores are double-digit, but not high enough to score better. However, as usual, everyone's experience may vary depending on the ISP, the router and the devices.

Confidentiality, anonymity and trust

Trunkspace is officially based in Montreal. The service is domiciled in a UPS shop in the city, but it's not unusual for a small company whose employees work remotely. The CEO of Trunkspace is, as mentioned before, Atif Khan, and the technical director is Jessica Chan. The Trunkspace Privacy Policy or Terms of Service do not contain any logging commitment. But the homepage of the VPN indicates that it does not record any "personal information" such as "IP addresses, connection and disconnect timestamps, bandwidth consumption, and DNS queries".

It's a good thing to find this information somewhere, but presented as it is, it reads more as a marketing argument than as a binding commitment. Trunkspace has recognized the nuance and plans to include these elements in its privacy policy or terms of service in the coming weeks. To register with Trunkspace PrivateVPN, you must also provide the company with more information than many other services require, including your name, email address, postal address and phone number, regardless of the mode of payment. Trunkspace accepts payments by PayPal, credit card, bank transfer, gift cards, and several cryptocurrencies.

Conclusion

The VPN approach of Trunkspace is clear. The service does not offer additional features like some VPNs, and its speeds are acceptable, but not exceptional. But, given the offer, the price is a bit too high. There are cheaper solutions on the market with similar privacy policies that require less personal information at registration. PrivateVPN's privacy policy commitments are significant. And if the service revised its tariff down and required less personal information, PC World testers would recommend it more strongly.


A flaw in the PHP Adminer tool exposes sites to data theft (update)

The attacks perpetrated by the Magecart group on online transactions may well have exploited a flaw in the PHP Adminer tool, widely used by MySQL and PostgreSQL database administrators.
A vulnerability identified in the PHP Adminer tool, used to administer various databases including MySQL and PostgreSQL, allows attackers to retrieve data from, or inject data into, websites or e-commerce sites using open source databases. The flaw is associated with the MySQL LOAD DATA command. The information was first reported by the Security Boulevard website. Several other sites, including BleepingComputer, and security researchers have commented on it and detailed it, including on Reddit.

The flaw can be exploited to access data on which a client has read rights, during an interaction between that client and a MySQL server, when connections to untrusted servers are allowed. The MySQL documentation also mentions the risks associated with using LOAD DATA together with the LOCAL keyword on the client workstation. An attacker can use a malicious server to answer with a LOAD DATA LOCAL request and ask for any file on which the client has read access.

Exploited for Magecart attacks on online payments

According to researcher Willem de Groot, who commented in the Reddit discussion on January 20, this is the flaw that the Magecart group of attackers would have exploited to intercept payment transactions on various sites by inserting code. The Magecart attacks listed included British Airways, Ticketmaster Entertainment and Cathay Pacific Airways. According to Willem de Groot, those that took place in October 2018 would have gone through this flaw (mdj).

In a post published a few days ago, the researcher describes the various steps that allow attackers to proceed using the Adminer tool, widely used among administrators of different databases. "Attackers can abuse it to fetch passwords on popular applications like Magento and WordPress, and take control of the site's database," he wrote, detailing how they proceed. "I tested Adminer versions 4.3.1 to 4.6.2 and found them all vulnerable. Adminer 4.6.3 was delivered in June 2018 and it looks healthy." He adds that it is unclear whether the security breach was corrected voluntarily or by chance, as Adminer did not release a security update.
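For administrators who want to know whether a copy of Adminer in the reported range is sitting in a web root, here is an inventory sketch; it is an added example, not code from the article or from the researcher. It assumes that a single-file Adminer build starts with a docblock naming "Adminer" and carrying an `@version` tag, and it identifies files by content because the file may have been renamed; the sample header and file names are constructed.

```python
import re
import tempfile
from pathlib import Path

# Versions the researcher quoted above reported testing as vulnerable (inclusive).
VULN_MIN, VULN_MAX = (4, 3, 1), (4, 6, 2)

# Assumption: a single-file Adminer build starts with a docblock that names
# "Adminer" and carries an "@version x.y.z" tag. Constructed sample header:
SAMPLE_HEADER = (b"<?php\n/** Adminer - Compact database management\n"
                 b"* @link https://www.adminer.org/\n* @version %s\n*/\n")
HEADER_RE = re.compile(rb"Adminer\b.{0,400}?@version\s+(\d+(?:\.\d+){1,2})", re.S)


def adminer_version(head: bytes):
    """Return (major, minor, patch) if the bytes look like an Adminer header."""
    match = HEADER_RE.search(head)
    if match is None:
        return None
    parts = [int(p) for p in match.group(1).split(b".")]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(version):
    """Place a version relative to the range reported on the page."""
    if VULN_MIN <= version <= VULN_MAX:
        return "reported-vulnerable"
    return "older-untested" if version < VULN_MIN else "4.6.3-or-later"


def scan(webroot):
    """List Adminer copies under webroot, matched by content, not file name."""
    findings = []
    for path in sorted(Path(webroot).rglob("*.php")):
        try:
            with path.open("rb") as handle:
                version = adminer_version(handle.read(2048))
        except OSError:
            continue  # unreadable file: skip rather than abort the inventory
        if version is not None:
            findings.append((path.relative_to(webroot).as_posix(),
                             ".".join(map(str, version)), classify(version)))
    return findings


def demo():
    """Run the scan over a constructed web root."""
    with tempfile.TemporaryDirectory() as root:
        tools = Path(root, "shop", "tools")
        tools.mkdir(parents=True)
        (tools / "db.php").write_bytes(SAMPLE_HEADER % b"4.6.2")    # renamed copy
        (tools / "adminer.php").write_bytes(SAMPLE_HEADER % b"4.6.3")
        (tools / "index.php").write_bytes(b"<?php echo 'hello';")   # unrelated file
        return scan(root)


if __name__ == "__main__":
    for name, version, status in demo():
        print(f"{name}: Adminer {version} -> {status}")
```
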


Create your own FileProtector to hide your files

In today's article we will talk about programming. More specifically, we will program a small utility to hide / protect your important files (passwords, important memories ... etc).

Little notes before you start:

This utility is written in VB.NET language, it is an old project brought up to date.
This utility is only available on Windows.
For starters, and to edit the source code, you will need to install Visual Studio Community (the integrated development environment of Microsoft).

You will also need to install the .NET Framework, version 3.5 minimum (normally already present on most PCs). And you will need a minimum of knowledge in VB.NET language (or want to learn and understand;)).


What is a FileProtector?
It is a utility to protect your sensitive files with a password. This type of tool already exists, Winrar for example can do it, but we will make a portable utility, that is to say one that does not require installation and consists of only a small file. Unlike other FileProtectors, it will not clearly indicate that it is one: it will display a default error message, letting others believe it is a mundane program.

The main purpose of this article is to provide you with a nice little project to familiarize yourself with programming, since practicing is what allows you to learn faster. I do not consider this program perfect: it has defects, and it can be improved, modified or even rewritten in another programming language, which is precisely what makes it good practice. Do not hesitate to suggest additions / modifications / improvements, because everyone can learn from others.

Example of operation
In order to make you understand how it works, nothing better than a video demonstration.

Explanations of the demonstration:
- We have two files to protect that we place in a demo.rar file.
- Drag and drop this demo.rar file onto FileProtector.
- FileProtector asks us for a password and encrypts demo.rar.
- We delete the original files and demo.rar.
- Then click on FileProtector, which displays a false error message.
- In the right corner of the error message, you can display the dialog box to decrypt the file.
- We enter the password again and FileProtector recreates the demo.rar file, this time named dechiffre.rar and containing the initial files.

How to program FileProtector?
Let's start from a very general point of view.
There are two ways to use FileProtector
To encrypt
Drag and drop the file to be encrypted on FileProtector. This is handled via Environment.GetCommandLineArgs() which retrieves the full path of the dragged / dropped file.

We then read the contents of the dragged / dropped file with System.Text.Encoding.Default.GetString((IO.File.ReadAllBytes(file))) and we ask, with InputBox, for a password that is used to encrypt all its contents.

We now want to add the contents of the encrypted file to the end of FileProtector (the latter thus plays the role of encrypted file container).

For this we will first add a separator that will allow us to separate the contents of FileProtector from the contents of the encrypted file. We will also add the extension of the encrypted file so that it can be deciphered with the correct extension later:
FilePut(1, "#separateur#" & IO.Path.GetExtension(fichier) & "#ext#" & chiffre)
Here is a schema that shows the contents of FileProtector when it hides an encrypted file:


But to add this data in FileProtector, we have to go through a temporary copy of FileProtector because it is already running and we can not edit a file that is running.

We will create a temporary file identical to FileProtector, called "copy.exe" and we will add the information in question:
FileOpen(1, Application.StartupPath & "\copy.exe", OpenMode.Binary, OpenAccess.ReadWrite, OpenShare.Default)

Finally, it remains to delete the old FileProtector and rename copy.exe to FileProtector.exe. This is a trick to keep a single FileProtector.exe file while working around the limitation mentioned above. For this, we use another temporary file containing a series of batch commands that performs these actions and then deletes itself.

Here is the source code that starts when FileProtector starts:

Here is the Rename And Delete procedure which is perhaps the most ambiguous part of this program:

To decipher:
FileProtector must be started as a normal program. This will display an error message to keep curious users away.

But it has a hidden feature to enable decryption. This is a small, transparent image in the lower right corner of the window.

Clicking on this image displays a dialog asking for the password to decrypt the hidden file.

The decryption then takes place, we do the same thing as before: we create a temporary copy file of FileProtector.exe to recover the encrypted content.

We decipher this content and recreate an empty FileProtector.exe file and the decrypted initial file, with the correct extension.

We reuse a batch file for that.

We can then repeat the steps and encrypt a new file.
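The container layout described above (executable, then "#separateur#", the extension, "#ext#" and the encrypted content) can be written and read back as follows. This is an added example in Python, not the article's VB.NET source; it works on raw bytes and treats the encrypted content as an opaque blob, since the page does not name the cipher, and the stub and blob values are constructed.

```python
SEPARATOR = b"#separateur#"  # marker written by the article's FilePut call
EXT_END = b"#ext#"           # closes the stored extension field


def has_payload(container: bytes) -> bool:
    """True when a hidden file is already appended to the executable."""
    return SEPARATOR in container


def pack(stub: bytes, extension: str, ciphertext: bytes) -> bytes:
    """Return stub + separator + extension + #ext# + ciphertext."""
    if has_payload(stub):
        # Matches the listed limitation: only one hidden file at a time.
        raise ValueError("container already holds a payload")
    ext = extension.encode("ascii")
    if SEPARATOR in ext or EXT_END in ext:
        raise ValueError("extension must not contain a marker")
    return stub + SEPARATOR + ext + EXT_END + ciphertext


def unpack(container: bytes):
    """Split a container into (stub, extension, ciphertext)."""
    sep_at = container.find(SEPARATOR)
    if sep_at == -1:
        raise ValueError("no payload: separator not found")
    ext_from = sep_at + len(SEPARATOR)
    ext_to = container.find(EXT_END, ext_from)
    if ext_to == -1:
        raise ValueError("truncated payload: extension terminator not found")
    # Splitting on the FIRST markers keeps marker-like bytes inside the
    # ciphertext intact: everything after #ext# is payload, untouched.
    return (container[:sep_at],
            container[ext_from:ext_to].decode("ascii"),
            container[ext_to + len(EXT_END):])


if __name__ == "__main__":
    stub = b"MZ" + bytes(64)                     # constructed stand-in for the .exe
    blob = b"\x00\xff#separateur#.txt#ext#\x80"  # constructed opaque ciphertext
    packed = pack(stub, ".rar", blob)
    print(unpack(packed) == (stub, ".rar", blob))
```
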

Here is the code that executes when you click on the hidden image:



Known limitations
You can only put one file at a time in FileProtector (use a .zip file to place several files).

Files or folders whose names contain accented characters ("é, è, à, etc."), as well as network paths, crash (or can crash) the program.

If the decryption password is incorrect, the temporary copy is not deleted.

The source code can (largely) be improved.

Maximum size tested: 400MB (the speed of encryption / decryption and the final size depend on the encryption algorithm used).

Your antivirus may suspect this utility but it is not malicious. In this regard, sandboxed executions prevent the program from running normally.

Supplied as such, without warranty.

Possible improvements
Save the file name with the extension, to recover exactly the same file after decryption.

Manage the character problem (?).

Create an external process to avoid the (ugly) use of a bat file that opens a command prompt.

Check that it works on other systems.

Use more recent libraries / functions than FileOpen, FilePut ... Etc. For example, IO.FileStream and IO.StreamWriter.

Suggest another way to display the decryption dialog.

For example with a keyboard shortcut:
Private Sub Form1_KeyDown(sender As Object, e As KeyEventArgs) Handles Me.KeyDown
    ' Requires Me.KeyPreview = True so the form receives keys while a child control has focus
    If e.Control AndAlso e.KeyCode = Keys.S Then ' if the Control key is pressed together with the S key
        ' ask for the password
    End If
End Sub

IPSec VPN Guide free


   IPSec is a transparent security layer for TCP/IP that is commonly used to create and operate Virtual Private Networks (VPNs).

  This document has been divided into several distinct parts according to the amount of information different types of readers are likely to need:

Part I. Learning about InJoy IPSec
Part II. Getting Started Guide
Part III. Setting up a VPN
Part IV. Advanced Features Guide
Part V. Deployment Examples
Part VI. References

  It is never too late to start learning and it would be a shame to miss an opportunity to learn a tutorial or course that can be so useful as IPSec VPN Guide especially when it is free! You do not have to register for expensive classes and travel from one part of town to another to take classes. All you need to do is download the course and open the PDF file. This specific program is classified in the Network category where you can find some other similar courses.


How to be a Programmer



To be a good programmer is difficult and noble. The hardest part of making real a collective vision of a software project is dealing with one's coworkers and customers. Writing computer programs is important and takes great intelligence and skill. But it is really child's play compared to everything else that a good programmer must do to make a software system that succeeds for both the customer and myriad colleagues for whom she is partially responsible. In this essay I attempt to summarize as concisely as possible those things that I wish someone had explained to me when I was twenty-one.
It is never too late to start learning and it would be a shame to miss an opportunity to learn a tutorial or course that can be so useful as How to be a Programmer especially when it is free! You do not have to register for expensive classes and travel from one part of town to another to take classes. All you need to do is download the course and open the PDF file. This specific program is classified in the Computer programming category where you can find some other similar courses.